Configuring Virtual Routers

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]

Configuring Virtual Routers > Configuring Virtual Routers
Configuring Virtual Routers
There are seven general sets of parameters that you can configure on a virtual router. Each set is represented on a tab in the work area:

Virtual Router—Allows you to name the virtual router

SSCC—Allows you to set the parameters for the SDX client (formerly SSCC)

DHCP Relay—Allows you to enable the DHCP relay agent and to associate DHCP relay servers with the virtual router

AAA—Allows you to set the attributes related to authentication, accounting, and address resolution

Radius—Allows you to set the parameters for RADIUS protocols and to associate authentication and accounting servers with the virtual router

Global Traps—Allows you to set global trap parameters for the specified virtual router

Trap Destinations—Allows you to set trap destination parameters for the specified virtual router

NOTE: (SNMPv3 version only) Before the NMC-RX application can begin to communicate with the router, SNMPv3 parameters must be set on the router by using the CLI. Use the NMC-RX application's remote login feature to access the CLI.

To configure a virtual router:

In the Device-wide Explorer, click Virtual Routers.

Right-click and click List All.

All virtual routers are displayed in the list area.

In the list area, select the virtual router you want to configure, right-click, and click Configure.

The virtual router appears in the work area.

Set the parameters for each tab in the work area. See the following sections for information.

When you have finished setting the parameters, click Save to save the new settings.

Configuring the SDX Client

The E-series device has an embedded client that interacts with the Service Deployment System (SDX). To configure the SDX client, you specify the IP addresses of primary, secondary, and/or tertiary SDX servers. You can specify the port on which each SDX server listens for activity. You can also identify SNMP community strings, which permits a communication exchange between the SDX and NMC-RX applications.

To configure the SDX client parameters:
Click the SSCC tab.
Set the parameters (Table 18).
 Table 18:  SDX Client Parameters 

 Parameter
 Description

 SSCC Client Enabled

 Enables the SDX client


 Primary Address

 IP address for the primary SDX server


 Secondary Address

 IP address for the secondary SDX server (optional)


 Tertiary Address

 IP address for the tertiary SDX server (optional)


 Switchover Timeout (sec.)

 Number in the range 5-300 seconds. The delay period during which the SDX client waits for a response from the SDX server. When the timer expires, the client attempts to reach the secondary server and, if that fails, the tertiary server, before trying the primary server again. The client waits for the delay period with each attempt.


 Primary Port 

 Port on which the primary SDX server listens for activity


 Secondary Port

 Port on which the secondary SDX server listens for activity (optional)


 Tertiary Port

 Port on which the tertiary SDX server listens for activity (optional)


 SNMP Community Strings

 Read Only

 SNMP Read Only community string used by SDX application when communicating with this virtual router; up to 32 alphanumeric characters


 Read Write

 SNMP Read/Write community string used by SDX application when communicating with this virtual router; up to 32 alphanumeric characters



 
If you have finished configuring the virtual router, click Save. Otherwise, continue to the next tab.
Associating DHCP Relay Servers

The DHCP Relay tab allows you to associate DHCP relay servers with the virtual router you are creating on an E-series device. The DHCP relay feature relays a request from a remote client to a DHCP server for an IP address. When the system receives a DHCP request from an IP client, it forwards the request to the DHCP server and passes the response back to the IP client.

To associate a DHCP relay server with the virtual router:
Click the DHCP Relay tab.
To enable the DHCP Relay Agent, select the check box.
When you enable the agent, the E-series device adds the DHCP relay agent information option to every packet it relays from a DHCP client to a DHCP server.

Click Add/Remove Server to associate servers with the virtual router.

The Add/Remove DHCP Relay Servers dialog box appears.
To associate a server with the virtual router, select the server in the Available Servers list, and click Add.

The server's name appears in the Selected Servers list.

NOTE: You can associate a maximum of five DHCP relay servers with a single virtual router.

Click Close.

The application returns to the DHCP Relay tab with the selected servers added to the table.

If you have finished configuring the virtual router, click Save. Otherwise, continue to the next tab.

Configuring AAA

The AAA tab provides access to the parameters for authentication, accounting, and address resolution on an E-series device.

To configure AAA:
Set the parameters for authentication and accounting (Table 19).
 Table 19:  Authentication and Accounting Parameters 

 Parameter
 Description

 Authentication

 Protocol

 Currently, the only protocol option available for authentication is RADIUS, a distributed client/server system that protects networks against unauthorized access. Option is set automatically.


 User Session

 Idle Timeout (sec)

 Maximum number of seconds that a user session can be idle before the system disconnects the user. Range 0 or 300-7200; zero means no limit; default 0.


 Session Timeout (sec)

 Maximum number of seconds that a user session can be established before the system disconnects the user. Range 0 or 60-604800; zero means no limit; default 0.


 Accounting

 Protocol

 Currently, the only protocol option available for accounting is RADIUS. Option is set automatically.


 Interval(min)

 Specifies the number of minutes between accounting updates. Range 10-1080; default 0; zero (0) disables.


 Stop on Failure

 Enables/disables the accounting stop message sent to the accounting server when the authentication server access is denied. Default: disabled.


 Stop on Access Deny

 Enables/disables the accounting stop message sent to the accounting server when the authentication server grants access, but AAA denies access. Default: disabled.


 Duplication

 Specifies that duplicate accounting records are to be sent to the accounting server on another virtual router. Click 
 to select a virtual router from the Associate Virtual Routers dialog box.



 
Set the parameters for address resolution (Table 20).
You can optionally assign IP addresses to Domain Name System (DNS) and Windows Internet Name Service (WINS) name servers.
 Table 20:  Address Resolution Parameters  

 Parameter
 Description

 Addressing Scheme


   Local—Enables the use of a local address pool for address allocations
   DHCP—DHCP relay server supplies the IP addresses 



 Duplicate Address Check

 Enables/disables the duplicate IP address checking, which causes the system to check the routing table for the PPP user's dynamic IP address provided to PPP from AAA; default: disabled.


 Name Servers

 Primary DNS

 IP address of the primary DNS name server


 Secondary DNS

 IP address of the secondary DNS name server


 Primary WINS

 IP address of the primary WINS name server


 Secondary WINS

 IP address of the secondary WINS name server



 
If you have finished configuring the virtual router, click Save. Otherwise, continue to the next tab.

Configuring RADIUS Servers

The Radius tab allows you to set the parameters for RADIUS authentication and accounting servers. It also allows you to associate authentication and accounting servers with the virtual router you are creating. The authentication server determines whether or not a user is allowed access to a specific service or resource. The accounting server tracks service use by subscribers.

To configure RADIUS servers:
Click the Radius tab.

Set authentication and accounting server parameters (Table 21).
 Table 21:  RADIUS Authentication and Accounting Server Parameters 

 Parameter
 Description

 Radius Algorithm


   Direct—The first authentication or accounting server that you configure is treated as the primary authentication or accounting server, the next server configured is the secondary, and so on. 
   Round-robin—The first configured server is treated as a primary for the first request, the second configured server as primary for the second request, and so on. When the system reaches the end of the list of servers, it starts again at the top of the list.



 Authentication/Accounting Servers

 The Radius tab allows you to associate authentication and accounting servers with the virtual router you are creating. See Associating RADIUS Servers with a Virtual Router.


 Server Properties
 


 Server Name        

 Name associated with this server; up to 32 alphanumeric characters


 IP Address    

 Valid IP     address for the server


 UDP Port

 Number in the range 0-65536 representing the port where the RADIUS server resides


 Retry Count

 Number in the range 0-16 representing the number of times the E-series device will attempt to resend a request to the server before sending it to the next server in the list


 Timeout (sec)

 Number in the range of 3-30 seconds representing the amount of time that will elapse between retry attempts


 Max. Sessions

 Number in the range 10-4000 representing the outstanding requests that the server can have before it sends any new requests to the next server


 Dead Time (min)

 Amount of time that will elapse before another attempt is made to reach that system. A server that fails to answer a request is marked unavailable; range 0-30 minutes.


 Secret

 Used for encrypting communication between the client and the server. Up to 32 characters. Default: blank.



 
If you have finished configuring the virtual router, click Save. Otherwise, continue to the next tab.
Associating RADIUS Servers with a Virtual Router

To associate an authentication or accounting server with a virtual router:

On the Authentication or Accounting tab, click Add/Remove Server.

The Add/Remove Authentication or Accounting Servers dialog box appears.
To associate a server with the virtual router, select the server in the Available Servers list, and click Add.

The server's name appears in the Selected Servers list.

NOTE: You can associate a maximum of ten authentication and ten accounting servers with a single virtual router.

In the Server Properties group box, modify the parameters for a specific server if necessary (Table 21).

Select the server in the Available Servers list.

Edit the fields in the Server Properties group box.

When you finish associating the servers you want, click Close.

The application returns to the Create Virtual Router dialog box.

If you have finished configuring the virtual router, click Save. Otherwise, continue to the next tab.

Moving RADIUS Servers

If you have more than one authentication or accounting server in a list, you can rearrange the order of the servers. The order of servers in a list dictates the order in which a virtual router uses the servers.

To move the servers in a list:

On the Authentication or Accounting server tab, select the server that you want to move.

Click Move Up or Move Down.

Click OK.

RADIUS Messages

On the Create Virtual Routers tab, the Messages tab displays RADIUS attributes that communicate information between the device and the RADIUS server.
Configuring Global Traps

The Global Traps tab allows you to change parameters for this virtual router. From the Global Traps tab you access the Trap Source Selection dialog box. When an interface is selected, the Global Trap Source text field is populated with the location information for the selected interface. If no interface is selected, -None- is displayed.

To configure Global Traps:
Click the Global Traps tab.
Set the global traps parameters (Table 22).
 Table 22:  Global Trap Parameters  

 Parameter
 Description

 Global Trap Source

 Interface index of the interface whose IP address is used as the source IP address for outbound SNMP traps. Default is -None-.
 Click 
 to select a trap source from the Select Trap Source dialog box. See Related Dialog Boxes.


 Global Severity Filter

 Defines the global minimum severity level that a trap must have to be forwarded to host-level trap processing. A trap is discarded if its security level is less than the value of this filter. 
 Levels include: 

   Emergency—System unusable
   Alert—Immediate action needed
   Critical—Critical conditions exist
   Error—Error conditions exist
   Warning—Warning conditions exist
   Notice—Normal but significant conditions exist
   Informational—Informational messages (default)
   Debug—Debug messages



 Enabled Traps

 Bit mask designating the specific trap types enabled for transmission to this trap destination. Up to 20 traps can be enabled. Default: all bits are selected. 



 
If you have finished configuring the virtual router, click Save. Otherwise, continue to the next tab.
Configuring Trap Destinations

The Trap Destinations tab allows you to associate a trap destination with any E-series device's virtual router that does not yet have the maximum number of trap destinations associated with it. When you select the device row in the Associate Trap Destinations table, the Device Trap Parameters fields are populated with the values specific to the selected trap destination of this virtual router.

The Add/Remove Destination button starts the Add/Remove Trap Destination dialog box. From this dialog box, you make selections of available trap destinations that you want to associate with the virtual router.

To configure trap destinations:
Click the Trap Destinations tab.

Set the Trap Destinations parameters (Table 23).
 Table 23:  Trap Destination Parameters (Create Virtual Router) 

 Field
 Description

 Associate Trap Destinations

 Trap Destination list

 Lists associated trap destinations and associated information (IP Address, UDP Port, Community Name, SNMP Protocol Version)


 Add/Remove Destination

 Click to access the Add/Remove Device dialog box. From this dialog box you can associate virtual routers with trap destinations. See Related Dialog Boxes.


 Trap Destination Properties

 Host Name

 Name of trap destination host; cannot edit


 IP Address

 IP address of the authorized SNMP trap recipient; cannot edit


 UDP Port

 UDP port to which traps will be sent; cannot edit


 Community Name

 SNMP community name to be used in traps sent to this destination; cannot edit


 Protocol Version

 Format of the SNMP trap PDU to be sent to this trap destination; cannot edit

   v1—Default; SNMPv1 (defined in RFC 1157)
   v2c—SNMPv2c (community-based SNMPv2, defined in RFC 1901 and RFC 1905)
   v3—SNMPv3 (compliant with RFCs 2570-2575)



 Device Trap Parameters

 Enabled Traps

 Bit mask designating the specific trap types enabled for transmission to this trap destination. Up to 19 traps can be enabled. 


 Queue

 Size

 Maximum number of traps to be kept in the queue; 
range 32-2147483647


 Severity Filter

 Minimum severity value that an SNMP trap must have to be forwarded to this host. A trap is discarded if its security level is less than the value of this filter. 
 Levels include: 

   Emergency—System unusable
   Alert—Immediate action needed
   Critical—Critical conditions exist
   Error—Error conditions exist
   Warning—Warning conditions exist
   Notice—Normal but significant conditions exist
   Information—Informational messages
   Debug—Debug messages



 Full

 Method for handling Queue-Full condition. Options: Drop Last In or Drop First In


 Ping Timeout (min)

 Number of minutes that this host is pinged repeatedly; 
range 0-90


 Drain Rate

 Maximum number of traps per second to be sent to this host. Value of 0 indicates that there is no control over the drain rate; range 0-2147483647


 Enable Log Varbinds

 (Optional) Configures the associated SNMP agent to include notification log name and the corresponding log index as part of the trap messages sent to this host. Options: Enable or Disable



 
Click the Add/Remove Destination button.
The Add/Remove Trap Destinations dialog box appears. See Related Dialog Boxes for information about adding or removing trap destinations.

Select a device from the Associate Trap Destinations list.

The Trap Destinations Properties fields are populated with the parameters associated with the currently selected device from the table.

(Optional) Modify the Device Trap Parameters fields. (See Table 23.)

Click OK.

Related Dialog Boxes

Associate Virtual Router

To duplicate accounting records:

In the AAA tab in the Create Virtual Router dialog box, click to the right of the Duplication text box.

The Associate Virtual Router dialog box appears.

Select the virtual router that you want to receive duplicate accounting records.

Click OK.

Select Trap Source

To select a trap source:

In the Global Traps tab, click to the right of the Global Trap Source text box.

The Select Trap Source dialog box appears.
Select the IP interface you want to use as the global trap source.

Click OK.

Add/Remove Trap Destinations

The Add/Remove Trap Destinations dialog box appears when you select the Add/Remove Destination button on the Trap Destinations tab of the Create Virtual Router dialog box. Use this dialog box to add or remove a trap destination.
To add a trap destination:

From the Available Destinations table, click an item in the list.

(Optional) Edit the Device Trap Parameters fields for the trap destination. See Table 23.

Click Add.

The item is added to the Selected Destinations table.

Repeat Steps 1-3 for each available destination that you want to add.

Click Close.

To remove a trap destination:

From the Selected Destinations table, click an item in the list.

When you select an item in the Selected Destinations table, the values are populated in the Trap Destination Properties fields.

Click Remove.

The destination is removed from the Selected Destinations list.

Repeat Steps 1 and 2 for each destination that you want to remove.

Click Close.

To remove all destinations:

Click Remove All.

All destinations are deleted from the Selected Destinations table.

Click Close.

Parameter	Description
SSCC Client Enabled	Enables the SDX client
Primary Address	IP address for the primary SDX server
Secondary Address	IP address for the secondary SDX server (optional)
Tertiary Address	IP address for the tertiary SDX server (optional)
Switchover Timeout (sec.)	Number in the range 5-300 seconds. The delay period during which the SDX client waits for a response from the SDX server. When the timer expires, the client attempts to reach the secondary server and, if that fails, the tertiary server, before trying the primary server again. The client waits for the delay period with each attempt.
Primary Port	Port on which the primary SDX server listens for activity
Secondary Port	Port on which the secondary SDX server listens for activity (optional)
Tertiary Port	Port on which the tertiary SDX server listens for activity (optional)
SNMP Community Strings
Read Only	SNMP Read Only community string used by SDX application when communicating with this virtual router; up to 32 alphanumeric characters
Read Write	SNMP Read/Write community string used by SDX application when communicating with this virtual router; up to 32 alphanumeric characters

Parameter	Description
Authentication
Protocol	Currently, the only protocol option available for authentication is RADIUS, a distributed client/server system that protects networks against unauthorized access. Option is set automatically.
User Session
Idle Timeout (sec)	Maximum number of seconds that a user session can be idle before the system disconnects the user. Range 0 or 300-7200; zero means no limit; default 0.
Session Timeout (sec)	Maximum number of seconds that a user session can be established before the system disconnects the user. Range 0 or 60-604800; zero means no limit; default 0.
Accounting
Protocol	Currently, the only protocol option available for accounting is RADIUS. Option is set automatically.
Interval(min)	Specifies the number of minutes between accounting updates. Range 10-1080; default 0; zero (0) disables.
Stop on Failure	Enables/disables the accounting stop message sent to the accounting server when the authentication server access is denied. Default: disabled.
Stop on Access Deny	Enables/disables the accounting stop message sent to the accounting server when the authentication server grants access, but AAA denies access. Default: disabled.
Duplication	Specifies that duplicate accounting records are to be sent to the accounting server on another virtual router. Click to select a virtual router from the Associate Virtual Routers dialog box.

Parameter	Description
Addressing Scheme	Local—Enables the use of a local address pool for address allocations DHCP—DHCP relay server supplies the IP addresses
Duplicate Address Check	Enables/disables the duplicate IP address checking, which causes the system to check the routing table for the PPP user's dynamic IP address provided to PPP from AAA; default: disabled.
Name Servers
Primary DNS	IP address of the primary DNS name server
Secondary DNS	IP address of the secondary DNS name server
Primary WINS	IP address of the primary WINS name server
Secondary WINS	IP address of the secondary WINS name server

Parameter	Description
Radius Algorithm	Direct—The first authentication or accounting server that you configure is treated as the primary authentication or accounting server, the next server configured is the secondary, and so on. Round-robin—The first configured server is treated as a primary for the first request, the second configured server as primary for the second request, and so on. When the system reaches the end of the list of servers, it starts again at the top of the list.
Authentication/Accounting Servers	The Radius tab allows you to associate authentication and accounting servers with the virtual router you are creating. See Associating RADIUS Servers with a Virtual Router.
Server Properties
Server Name	Name associated with this server; up to 32 alphanumeric characters
IP Address	Valid IP address for the server
UDP Port	Number in the range 0-65536 representing the port where the RADIUS server resides
Retry Count	Number in the range 0-16 representing the number of times the E-series device will attempt to resend a request to the server before sending it to the next server in the list
Timeout (sec)	Number in the range of 3-30 seconds representing the amount of time that will elapse between retry attempts
Max. Sessions	Number in the range 10-4000 representing the outstanding requests that the server can have before it sends any new requests to the next server
Dead Time (min)	Amount of time that will elapse before another attempt is made to reach that system. A server that fails to answer a request is marked unavailable; range 0-30 minutes.
Secret	Used for encrypting communication between the client and the server. Up to 32 characters. Default: blank.

Parameter	Description
Global Trap Source	Interface index of the interface whose IP address is used as the source IP address for outbound SNMP traps. Default is -None-. Click to select a trap source from the Select Trap Source dialog box. See Related Dialog Boxes.
Global Severity Filter	Defines the global minimum severity level that a trap must have to be forwarded to host-level trap processing. A trap is discarded if its security level is less than the value of this filter. Levels include: Emergency—System unusable Alert—Immediate action needed Critical—Critical conditions exist Error—Error conditions exist Warning—Warning conditions exist Notice—Normal but significant conditions exist Informational—Informational messages (default) Debug—Debug messages
Enabled Traps	Bit mask designating the specific trap types enabled for transmission to this trap destination. Up to 20 traps can be enabled. Default: all bits are selected.

Field	Description
Associate Trap Destinations
Trap Destination list	Lists associated trap destinations and associated information (IP Address, UDP Port, Community Name, SNMP Protocol Version)
Add/Remove Destination	Click to access the Add/Remove Device dialog box. From this dialog box you can associate virtual routers with trap destinations. See Related Dialog Boxes.
Trap Destination Properties
Host Name	Name of trap destination host; cannot edit
IP Address	IP address of the authorized SNMP trap recipient; cannot edit
UDP Port	UDP port to which traps will be sent; cannot edit
Community Name	SNMP community name to be used in traps sent to this destination; cannot edit
Protocol Version	Format of the SNMP trap PDU to be sent to this trap destination; cannot edit v1—Default; SNMPv1 (defined in RFC 1157) v2c—SNMPv2c (community-based SNMPv2, defined in RFC 1901 and RFC 1905) v3—SNMPv3 (compliant with RFCs 2570-2575)
Device Trap Parameters
Enabled Traps	Bit mask designating the specific trap types enabled for transmission to this trap destination. Up to 19 traps can be enabled.
Queue
Size	Maximum number of traps to be kept in the queue; range 32-2147483647
Severity Filter	Minimum severity value that an SNMP trap must have to be forwarded to this host. A trap is discarded if its security level is less than the value of this filter. Levels include: Emergency—System unusable Alert—Immediate action needed Critical—Critical conditions exist Error—Error conditions exist Warning—Warning conditions exist Notice—Normal but significant conditions exist Information—Informational messages Debug—Debug messages
Full	Method for handling Queue-Full condition. Options: Drop Last In or Drop First In
Ping Timeout (min)	Number of minutes that this host is pinged repeatedly; range 0-90
Drain Rate	Maximum number of traps per second to be sent to this host. Value of 0 indicates that there is no control over the drain rate; range 0-2147483647
Enable Log Varbinds	(Optional) Configures the associated SNMP agent to include notification log name and the corresponding log index as part of the trap messages sent to this host. Options: Enable or Disable

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]